top of page
ALL POSTS
Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Bypass Flaw (CVE-2026-0257)
Key Findings CVE-2026-0257 is an authentication bypass vulnerability in Palo Alto Networks PAN-OS affecting GlobalProtect portals and gateways Active exploitation confirmed by Rapid7 starting May 17, 2026, with two distinct attack waves originating from different hosting providers Vulnerability allows attackers to forge authentication cookies and bypass VPN access controls without credentials CISA added the flaw to its Known Exploited Vulnerabilities catalog in early June, re
Jun 153 min read
PAN-OS GlobalProtect Authentication Bypass Vulnerability Under Active Exploitation in the Wild
Key Findings CVE-2026-0257 is an authentication bypass vulnerability actively exploited in the wild against Palo Alto Networks PAN-OS appliances Threat actors can forge valid VPN authentication cookies without credentials if specific certificate configurations exist CISA added this flaw to the Known Exploited Vulnerabilities catalog due to active exploitation campaigns A single threat actor orchestrated at least two waves of attacks starting May 17, 2026, successfully obtaini
May 303 min read
Palo Alto PAN-OS Zero-Day Vulnerability Under Active Exploitation
Key Findings Critical buffer overflow vulnerability CVE-2026-0300 in Palo Alto Networks PAN-OS is actively being exploited in the wild with limited confirmed attacks Flaw affects authentication portals on PA-Series and VM-Series firewalls, allowing unauthenticated attackers to execute code with root privileges CVSS score of 9.3 with low attack complexity means the vulnerability is easily exploitable and automatable for mass campaigns More than 5,800 publicly exposed VM-Series
May 62 min read
Palo Alto Networks PAN-OS Zero-Day Under Active Exploitation for Remote Code Execution
Key Findings Critical buffer overflow vulnerability (CVE-2026-0300) in Palo Alto Networks PAN-OS is actively exploited in the wild CVSS score of 9.3 allows unauthenticated remote code execution with root privileges on PA-Series and VM-Series firewalls Exploitation primarily targets User-ID Authentication Portals exposed to the internet or untrusted networks Patches begin rolling out May 13, 2026, with staggered availability across multiple PAN-OS versions Risk significantly r
May 62 min read
bottom of page
